Each year, Black Duck names ten new open source projects as their Rookies of the Year. Former winners include Bootstrap, Ansible, Docker, Tox, and many other amazing projects. We’re honored to be acknowledged alongside such great projects as well as the other rookies this year.

We’d like to thank the community for their enthusiastic support of the project, as well as the dedicated group of volunteers who maintain it.

2014 was a great beginning to the project, but 2015 will see OpenBazaar move out of beta and into a platform that can be used for free trade online, with Bitcoin, anywhere in the world. Let’s make trade free together.

We’ll be giving a 20-minute lightning talk on Sunday afternoon. But most importantly, we’ll stick around and will be happy to demo OpenBazaar to you on Saturday and Sunday, answer your questions, talk about code, trade, law, anonymity, privacy, politics, and bitcoin, and discuss our vision for the future. Of course, we won’t be skipping the traditional FOSDEM beer either.

We’ll be happy to present our GPG keys to you so that you can verify their authenticity in person.

We recently faced a minor security incident at the OpenBazaar GitHub repository.

An attacker was able to briefly gain push access and make code changes that remained undetected for about one hour, by pretending to be a developer with contributor access who lost access to his normal account. The changes that the attacker made to the code were insignificant and were not related to security – they were mostly tests. Only the “develop” branch was affected, not the “master” branch. As our users run the “master” branch, we expect no users to be affected by this breach.

We reverted the code changes immediately and access rights were restored. We don’t expect anyone to be affected by this attack. As a response to the attack, we are in the process of developing more rigorous security policies that would require proper authentication for committer username changes. Our new policies will also include operational security requirements for existing developers. In response to the attack and in coordination with GitHub, we have ensured that the accounts of the attacker have been appropriately banned.

As part of our transparency commitment to our users, we are publishing this security incident so that people are aware of our potential problems and solutions.